Hi Peter,
Peter Colton wrote:
A handy tool I use to cut down on ssh brute force attacks is fail2ban : You
can install it from backports.org.
Add the backport url to your sources.list
http://www.backports.org/dokuwiki/doku.php?id=instructions
Then after you have installed fail2ban comment out www.backports.org url in
your apt sources.list so that you will not bring in any unwanted packages in
the future.
http://fail2ban.sourceforge.net/wiki/index.php/README
http://www.ducea.com/2006/07/03/using-fail2ban-to-block-brute-force-attacks/
http://www.debianhelp.co.uk/fail2ban.htm
Thank you. That looks like a useful tool. I have already installed it on
one server to see how it goes. Is there some way of also automatically
reporting these ip's so that whoever is responsible for that server is
alerted to a worm or whatever might be causing this?
Shri
--
Shri Shrikumar
Technologist Extraordinaire
Kraya
t: 0845 644 4745
d: 0131 247 8021
f: 0131 478 7377
w: www.kraya.co.uk
--
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
